ad.firstsolutions.com pop-ups

[Lady Cardea]

Greetings,

I am experiencing pop-ups in IE from Ad.firstadsolutions.com, even when I am not using the IE browser.

RealBlackStuff , I followed your advice in the thread "need expert for hijackthis.log against ad.firstadsolutions!!!!" by: eeerik
and the problem still exists.

I have attached the HJT & the Ewido as you had asked of eeerik. I thank you in advance for your time...and patience, as you have already addressed this problem previously.

Lady Cardea~

 

[howard_hopkinso]

Hello and welcome to Techspot.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

Bat rect.exe
Ford software close.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe

O2 - BHO: (no name) - {9C7F51E9-00E0-E4D3-8ACF-FF03451E7000} - C:\DOCUME~1\ME4D6B~1.GAM\APPLIC~1\EXTRAB~1\ARMYDENT.exe (file missing)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [Dash owns 64 mapi] C:\Documents and Settings\All Users\Application Data\purepartdashowns\Bat rect.exe

O4 - HKCU\..\Run: [Math open] C:\DOCUME~1\ME4D6B~1.GAM\APPLIC~1\STARTGPL\Ford software close.exe

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Fix all 016-DPF entries.

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files(if there).

C:\Documents and Settings\All Users\Application Data\purepartdashowns\Bat rect.exe

C:\DOCUME~1\ME4D6B~1.GAM\APPLIC~1\STARTGPL\Ford software close.exe

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.


Regards Howard :wave: :wave:

 

[Lady Cardea]

~HUGE HUGS~ Howard,

Did as you said and so far (fingers crossed) nothing has popped-up...

Thank you so much :angel:

One more quick question, what are these? And do I need them? They are in the attached HJT file. (ok that was 2 q's)

O9 - Extra button: (no name).....
O9 - Extra button: FlashGet - ......
O9 - Extra 'Tools' menuitem: &FlashGet - .....

Lady Cardea~

 

[howard_hopkinso]

Let HJT fix the following.

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Flashget is a download manager programme that helps to speed up your downloads etc. You`ll probably want to keep it.

Other than the above, you HJT log is clean.

Regards Howard

 

[Lady Cardea]

Howard,

The ads are back again... and here's the HJT.. noticed the ....ford software close.exe is back. I did everyting you said again, and for awhile it clears up..then it comes back.

I do not freely "surf" the net. I have a few choice places I go and have done for the past 6 years that Ive had internet. I did do a search to see where else this fordsoftware.exe could be (if that is the problem) but came up empty handed.

I have run Spybot Search and Destroy, Xsoft, pc pit stop anti-virus, Adware SE, pc clean up, and SpywareBlaster... I am on the verge of just nuking my pc...something I have been trying to avoid as I hate re-installing everything (yes, lame excuse).

Any more suggestions?

Again Thanks.

 

[howard_hopkinso]

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

Ford software close.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKCU\..\Run: [Math open] C:\DOCUME~1\ME4D6B~1.GAM\APPLIC~1\STARTGPL\Ford software close.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll

Click on the fix checked button.

Close HJT.

Run HJT again and click on the config button, then on the misc tools button. Click on the delete file on reboot button and browse to STARTGPL\Ford software close.exe. Click the file and click open. You will be prompted to restart your computer, click yes.

After your computer has restarted, turn on system restore again.

Regards Howard

 

[Lady Cardea]

Thanks Howard, so far so good. :grinthumb

~Lady Cardea

 

[howard_hopkinso]

Your HJT log is now clean. Hopefully the popups won`t come back this time.

You should deffinitely install an antivirus programme and a firewall.

AVG free and Zonealarm free are both very good.

You can get them HERE and HERE.

Install Zonealarm first, followed by AVG. Then, once done, run the AVG updates.

Regards Howard